From 82d77cd8323f6d4473fcb68517752a778970138d Mon Sep 17 00:00:00 2001
From: Joseph Birr-Pixton <jpixton@gmail.com>
Date: Sat, 16 Apr 2016 18:12:22 +0100
Subject: [PATCH] Fix bug #3: EAX produces wrong tag for empty AAD

This was caused by the CMAC update function with len=0 and isfinal=1
doing nothing (because the work it needed to do already happened
with the last message).

Now:
- CMAC defends against and documents this case.
- EAX makes the correct CMAC calls.
---
 src/eax.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/eax.c b/src/eax.c
index 59fc168..80ba46f 100644
--- a/src/eax.c
+++ b/src/eax.c
@@ -32,8 +32,14 @@ static void cmac_compute_n(cf_cmac_stream *ctx,
   firstblock[blocksz - 1] = t;
 
   cf_cmac_stream_reset(ctx);
-  cf_cmac_stream_update(ctx, firstblock, blocksz, 0);
-  cf_cmac_stream_update(ctx, input, ninput, 1);
+  if (ninput)
+  {
+    cf_cmac_stream_update(ctx, firstblock, blocksz, 0);
+    cf_cmac_stream_update(ctx, input, ninput, 1);
+  } else {
+    cf_cmac_stream_update(ctx, firstblock, blocksz, 1);
+  }
+
   cf_cmac_stream_final(ctx, out);
 }